Should I use a "Small Memory Dump" or "Kernel Memory Dump?"

windows-7 memory dump
20,581

Kernel-mode dump files

There are basically three types of kernel-mode dump files:

Windows 8 introduced a fourth type: Automatic Memory Dump.

The main difference between them is the size: smaller dump files will get written quickly to disk and take less space; larger dump files will contain more debugging information which might be useful.

Another difference is the location and the overwriting behavior. Complete/kernel dumps are written to C:\Windows\Memory.dmp by default, overwriting the previous file (if any). Small dumps are stored in the C:\Windows\Minidump folder, and since each dump is given a different name, previous ones are preserved.

From my limited experience, I can say small dumps alone usually have enough data to diagnose basic issues. Either way, you should disable the automatic restart option. This way you can actually see the bug check technical details in case the system fails to create a memory dump.

Complete memory dump

This file includes all of the physical memory that is used by Windows. A complete memory dump does not, by default, include physical memory that is used by the platform firmware.

This dump file requires a pagefile on your boot drive that is at least as large as your main system memory; it should be able to hold a file whose size equals your entire RAM plus one megabyte.

Source: Complete Memory Dump

Kernel memory dump

This kind of dump file is significantly smaller than the Complete Memory Dump. Typically, the dump file will be around one-third the size of the physical memory on the system. Of course, this quantity will vary considerably, depending on your circumstances.

For most purposes, this crash dump is the most useful. It is significantly smaller than the Complete Memory Dump, but it only omits those portions of memory that are unlikely to have been involved in the crash.

Source: Kernel memory dump

Small memory dump

This kind of dump file can be useful when space is greatly limited. However, due to the limited amount of information included, errors that were not directly caused by the thread executing at time of crash may not be discovered by an analysis of this file.

Source: Small memory dump

Further reading

Share:
20,581
Community
Author by

Community

Updated on September 18, 2022

Comments

  • Community
    Community almost 2 years

    I use Memory Dumps to analyse BSODs and other crashes, and generally keep my PC set to the standard "Small Memory Dump" setting, as shown below.

    enter image description here

    However, there is another setting, "Kernel memory dump", avaliable as well. What's the difference between the two types of dumps, and which one is better for crash analysis?

    • Joe
      Joe over 10 years
      I've always used Kernal memory dump. I was told it includes more detailed information regarding the circumstances... but then again I've never needed more detailed information... debugging is pretty straight forward.
    • magicandre1981
      magicandre1981 over 10 years
      kernel dump includes more details and is better to debug the cause of a BSOD.
    • barlop
      barlop over 8 years
      @magicandre1981 how big is the kernel memory dump?
    • magicandre1981
      magicandre1981 over 8 years
      @barlop look in taskmgr for the pool usage. This depends on the drivers that you have installed.
    • barlop
      barlop over 8 years
      @magicandre1981 just paged, not non paged? or paged + non paged?
    • magicandre1981
      magicandre1981 over 8 years
      @barlop this is a good question. I would say non paged + all pages from "paged" that are in RAM and NOT paged out to disk. From Windows Internals Book: "A kernel memory dump contains only the kernel-mode pages allocated by the operating system and device drivers that are present in physical memory at the time of the crash. [..] In addition, all data structures relevant for crash dump analysis—including the list of running processes, the kernel-mode stack of the current thread, and list of loaded drivers—are stored in nonpaged memory that saves in a kernel memory dump.
    • magicandre1981
      magicandre1981 over 8 years
      "There is no way to predict the size of a kernel memory dump because its size depends on the amount of kernel-mode memory allocated by the operating system and drivers present on the machine. "
    • barlop
      barlop over 8 years
      @magicandre1981 Logically, as "its size depends on the amount of kernel-mode memory allocated by the operating system and drivers present on the machine." <-- Then surely it is possible to , not predict, but state without needing to even predict, the size of a kernel memory dump! (despite what your quote goes on to say about it thus being impossible.. the reason it gives suggests that it is possible!)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Blue screen of death and memory dump hangs for hours
How to analyze a memory dump on Windows after a blue screen error?
How can I dump the memory of a process in Windows 7?
How to dump memory image from linux system?
My Laptop is consuming all the RAM despite no programs open
Why is svchost.exe(netsvcs) taking so much RAM?
Computer not using all available RAM... Windows 7
Why is my computer using so much ram?
Windows 7 PC stuck in boot loop after RAM upgrade
Windows 7: Why is not all my memory usable?